Archive

Category Archives for "Networking"

Using Linux hexedit and xxd commands to view and modify binary files

Linux systems support a number of file editors – like vi, vim, neovim, ne, GNU Emacs etc. But you can also install an editor that allows you to view the contents of and make changes to binary files--hexedit.With hexedit, you can edit images, executables and other binaries, though you have to know a lot about the format of the file you’re editing to make valid changes that don't disrupt the file's format. After all, you'll be editing one byte at a time. This is not meant to imply that you can't use this command for viewing or editing text files. There's just little or no reason to do that.To read this article in full, please click here

Using Linux hexedit and xxd commands to view and modify binary files

Linux systems support a number of file editors – like vi, vim, neovim, ne, GNU Emacs etc. But you can also install an editor that allows you to view the contents of and make changes to binary files--hexedit.With hexedit, you can edit images, executables and other binaries, though you have to know a lot about the format of the file you’re editing to make valid changes that don't disrupt the file's format. After all, you'll be editing one byte at a time. This is not meant to imply that you can't use this command for viewing or editing text files. There's just little or no reason to do that.To read this article in full, please click here

Turbocharging Host Workloads with Calico eBPF and XDP

In Linux, network-based applications rely on the kernel’s networking stack to establish communication with other systems. While this process is generally efficient and has been optimized over the years, in some cases it can create unnecessary overhead that can affect the overall performance of the system for network-intensive workloads such as web servers and databases. Calico Open Source offer an easier way to tame these technologies. Calico Open Source is a networking and security solution that seamlessly integrates with Kubernetes and other cloud orchestration platforms. While infamous for its policy engine and security capabilities, there are many other features that can be used in an environment by installing Continue reading

Being the Best at Beginning

The other day I was listening to an excellent episode of The Art of Network Engineering talking about technical marketing engineers (TME). The discussion was excellent and there was one line from Pete Lumbis in the episode that stuck with me. He said that one of the things that makes you good as a TME is being an “expert beginner”. That phrase resonates at lot with me.

Fresh Eyes on the Problem

I talked a bit about this last year when I talked about being a beginner and how exciting that it was to start over with something. As I compared that post to the AONE episode I realized that what Pete was talking about was a shift in mindset that gives you the energy and focus to pick things up quickly.

You may have heard the phrase “familiarity breeds contempt”. It’s a common phrase used to describe how we feel less impressed with things the more we learn about then. Our brains are wired to enjoy new things. We love new experiences, going to new places, or even meeting new people. The excitement and rush that we get from something unfamiliar causes our brain to devour things. It’s only Continue reading

BrandPost: Driving Impact: The AI Capabilities That Deliver Value

Your network is the heartbeat of the user experience. When it goes down, employees and customers get frustrated, which can lead to reduced productivity, abandoned sales, and other unwelcome business results. And there’s further frustration if users must call or submit a support ticket to IT. This extra step slows resolution. How can an organization avoid this scenario?The answer is experience-first networking, which includes a strong network infrastructure with visibility into how it’s performing. This approach provides the best possible experience for network operators who must keep the network heartbeat thrumming, as well as end users who keep the business moving.To read this article in full, please click here

BrandPost: Why You Need the Ability to Explain AI

Trust is a critical factor in most aspects of life. But this is especially true with complex concepts like artificial intelligence (AI). In a word, it’s essential for day-to-day users to trust these technologies will work.“AI is so complicated that it can be difficult for operators and users to have confidence that the system will do what it’s supposed to do,” said Andrew Burt, Managing Partner, BNH.AI.Without trust, individuals will remain uncertain, doubtful, and possibly even fearful of AI solutions, and those concerns can seep into implementations.To read this article in full, please click here

BrandPost: A Close Look at a Retailer’s Modern Network – and its ROI

Artificial intelligence (AI) solutions are grabbing headlines for good reasons. These technologies — which include intelligent automation, machine learning (ML), and natural language processing (NLP) — are delivering business value and easing the workloads of IT and network teams.For example, an AI-driven network can reduce the need for IT staff to: Travel to remote locations to provision network capabilities Spend days pushing out updated network configurations to access points Manually stitch together information to gain visibility into incidents Spend hours or days troubleshooting network support tickets AI-enabled network solutions can also help IT teams rapidly deliver network enhancements and get ahead of issues before they become problems. The combination of AI, ML, and data science enables automated event correlation, root cause identification, anomaly detection, and more. Together, these technologies optimize operations across wireless, wired, and SD-WAN networks.To read this article in full, please click here

Cyberattacks on Holocaust educational websites increased in 2022

Cyberattacks on Holocaust educational websites increased in 2022
Cyberattacks on Holocaust educational websites increased in 2022

Today we mark the International Holocaust Remembrance Day. We commemorate the victims that were robbed of their possessions, stripped of their rights, deported, starved, dehumanized and murdered by the Nazis and their accomplices. During the Holocaust and in the events that led to it, the Nazis exterminated one third of the European Jewish population. Six million Jews, along with countless other members of minority and disability groups, were murdered because the Nazis believed they were inferior.

Seventy eight years later, after the liberation of the infamous Auschwitz death camp, antisemitism still burns with hatred. According to a study performed by the Campaign Against Antisemitism organization on data provided by the UK Home Office, Jews are 500% more likely to be targeted by hate crime than any other faith group per capita.

Cyberattacks targeting Holocaust educational websites

From Cloudflare’s vantage point we can point to distressing findings as well. In 2021, cyberattacks on Holocaust educational websites doubled year over year. In 2021, one out of every 100 HTTP requests sent to Holocaust educational websites behind Cloudflare was part of an attack. In 2022, the share of those cyber attacks grew again by 49% YoY. Cyberattacks represented 1.6% of all Continue reading

Inside Geo Key Manager v2: re-imagining access control for distributed systems

Inside Geo Key Manager v2: re-imagining access control for distributed systems
Inside Geo Key Manager v2: re-imagining access control for distributed systems

In December 2022 we announced the closed beta of the new version of Geo Key Manager. Geo Key Manager v2 (GeoV2) is the next step in our journey to provide customers with a secure and flexible way to control the distribution of their private keys by geographic location. Our original system, Geo Key Manager v1, was launched as a research project in 2017, but as customer needs evolved and our scale increased, we realized that we needed to make significant improvements to provide a better user experience.

One of the principal challenges we faced with Geo Key Manager v1 (GeoV1) was the inflexibility of our access control policies. Customers required richer data localization, often spurred by regulatory concerns. Internally, events such as the conflict in Ukraine reinforced the need to be able to quickly restrict access to sensitive key material. Geo Key Manager v1’s underlying cryptography was a combination of identity-based broadcast encryption and identity-based revocation that simulated a subset of the functionality offered by Attribute-Based Encryption (ABE). Replacing this with an established ABE scheme addressed the inflexibility of our access control policies and provided a more secure foundation for our system.

Unlike our previous scheme, which limited future Continue reading

Towards a global framework for cross-border data flows and privacy protection

Towards a global framework for cross-border data flows and privacy protection
Towards a global framework for cross-border data flows and privacy protection

As our societies and economies rely more and more on digital technologies, there is an increased need to share and transfer data, including personal data, over the Internet. Cross-border data flows have become essential to international trade and global economic development. In fact, the digital transformation of the global economy could never have happened as it did without the open and global architecture of the Internet and the ability for data to transcend national borders. As we described in our blog post yesterday, data localization doesn’t necessarily improve data privacy. Actually, there can be real benefits to data security and - by extension - privacy if we are able to transfer data across borders. So with Data Privacy Day coming up tomorrow, we wanted to take this opportunity to drill down into the current environment for the transfer of personal data from the EU to the US, which is governed by the EU’s privacy regulation (GDPR). Looking to the future, we will make the case for a more stable, global cross-border data transfer framework, which will be critical for an open, more secure and more private Internet.

The privacy challenge to cross-border data flows

In the last decade, we have Continue reading

IDC networking trifecta: SD-WAN, automation, and analytics

To get the most out of SD-WAN, organizations should augment it with analytics and automation that can provide valuable insights and boost security as well, according to IDC.“SD-WAN plays an important role in just about everything enterprises want to do from supporting distributed applications or multi-cloud applications to providing on-ramps to the public cloud backbone and connectivity to site-to-site or site to multi-site use cases,” said Brandon Butler, research manager with IDC’s Enterprise Networks practice speaking at a Cisco-sponsored webinar this week.To read this article in full, please click here

Hedge 163: Netops, Mapping, and Working Hard

It’s one of those episodes where Tom, Eyvonne, and Russ just sit around and talk about the news of the day. We cover three topics in this show. The first is Netops, automation, and where this is all going. The second is on the FCC mapping process and the reality of broadband in the US. The third—perhaps a little controversial—is about IT work habits, innovation, and adding value.

download

Calico Open Source 2022 highlights

2022 has been a year full of new releases, new events, and new projects for Open Source Calico. Let’s take a look at Project Calico’s 2022 highlights and see if you’ve missed any exciting news.

New version releases

Project Calico is maintained by Tigera’s engineering team who are dedicated to adding new features, fixing bugs, and improving the user experience. Based on the feedback and support our team has received from the community, they have successfully released three new versions of Calico in the past year: v3.22, v3.23, and v3.24.

V3.22 (January 28th 2022)

  • Project Calico is now only a single directory, making it easier for contributors to add their changes
  • Ability to convert Kubernetes NetworkPolicy objects into Calico NetworkPolicies

V3.23 (May 9th 2022)

  • Added IPv6 VXLAN support
  • Added VPP dataplane beta
  • Added Calico networking support in AKS
  • BGP enhancements
  • Added container storage interface (CSI) support
  • Added Windows HostProcess containers support (tech preview)

V3.24 (August 18th 2022)

  • Added IPv6 WireGuard support
  • Added IPAM API enhancements
  • More operator installation configuration options
  • Added ability to split IP pools
  • Transitioned from pod security policies to pod security standards

Calico education and training

The newest addition to our Continue reading

Azure Networking Fundamentals: Internet Access with VM-Specific Public IP

Comment: Here is a part of the introduction section of the Third chapter of my Azure Networking Fundamentals book. I will also publish other chapters' introduction sections soon so you can see if the book is for you. The book is available at Leanpub and Amazon (links on the right pane).

In chapter two, we created a VM vm-Bastion and associated a Public IP address to its attached NIC vm-bastion154. The Public IP addresses associated with VM’s NIC are called Instance Level Public IP (ILPIP). Then we added a security rule to the existing NSG vm-Bastion-nsg, which allows an inbound SSH connection from the external host. Besides, we created VMs vm-front-1 and vm-Back-1 without public IP address association. However, these two VMs have an egress Internet connection because Azure assigns Outbound Access IP (OPIP) addresses for VMs for which we haven’t allocated an ILPIP (vm-Front-1: 20.240.48.199 and vm-Back-1-20.240.41.145). The Azure portal does not list these IP addresses in the Azure portal VM view. Note that neither user-defined nor Azure-allocated Public IP addresses are not configured as NIC addresses. Instead, Azure adds them as a One-to-One entry to the NAT table (chapter 15 introduces a Continue reading

Writing An IETF Draft: Formatting, Authorship, And Submissions

This series started by discussing the history of the IETF and some of the tools you might use to build submissions to the IETF process. This, the second, post, will consider document formatting and two of the (sometimes) more difficult sections of an IETF draft to fill in. Formatting Just using one of the acceptable […]

The post Writing An IETF Draft: Formatting, Authorship, And Submissions appeared first on Packet Pushers.

Navigating the changing data localization landscape with Cloudflare’s Data Localization Suite

Navigating the changing data localization landscape with Cloudflare’s Data Localization Suite

This post is also available in Português.

Navigating the changing data localization landscape with Cloudflare’s Data Localization Suite

At Cloudflare, we believe that deploying effective cybersecurity measures is the best way to protect the privacy of personal information and can be more effective than making sure that information stays within a particular jurisdiction. Yet, we hear from customers in Europe, India, Australia, Japan, and many other regions that, as part of their privacy programs, they need solutions to localize data in order to meet their regulatory obligations.

So as we think about Data Privacy Day, which is coming up on January 28, we are in the interesting position of disagreeing with those who believe that data localization is a proxy for better data privacy, but of also wanting to support our customers who have to comply with certain regulations.

For this reason, we introduced our Data Localization Suite (DLS) in 2020 to help customers navigate a data protection landscape that focuses more and more on data localization. With the DLS, customers can use Cloudflare’s powerful global network and security measures to protect their businesses, while keeping the data we process on their behalf local. Since its launch, we’ve had many customers adopt the Data Localization Suite. In this blog post we Continue reading

Hiding Malicious Packets Behind LLC SNAP Header

A random tweet1 pointed me to Vulnerability Note VU#855201 that documents four vulnerabilities exploiting a weird combination of LLC and VLAN headers can bypass layer-2 security on most network devices.

Before anyone starts jumping up and down – even though the VLAN header is mentioned, this is NOT VLAN hopping.

The security researcher who found the vulnerability also provided an excellent in-depth description focused on the way operating systems like Linux and Windows handle LLC-encapsulated IP packets. Here’s the CliffNotes version focused more on the hardware switches. Even though I tried to keep it simple, you might want to read the History of Ethernet Encapsulation before moving on.

1 2 3 3,071